vrf: fix refcnt leak with vxlan slaves

Bug #1945180 reported by Nicolas Dichtel
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Medium
Unassigned
Focal
Fix Released
Medium
Unassigned

Bug Description

[Impact]

There are cases, where deleting a VRF device can hang waiting for the refcnt to drop to 0, with the message:
  unregister_netdevice: waiting for vrf1 to become free. Usage count = 1

This is fixed upstream with commit b87b04f5019e ("ipv4: Fix device used for dst_alloc with local routes"), included in linux v5.13. The original patch, which has introduced the bug, is included in linux v4.10.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b87b04f5019e

[Test Case]

The upstream patch includes a test case, which describe how to reproduce the bug.

[Regression Potential]

The patch affects ipv4 routing. It is straightforward, it links new dst to a vrf device instead of the loopback if needed.

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1945180

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: patch
Stefan Bader (smb)
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu):
status: Incomplete → Fix Released
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Bionic):
status: Triaged → In Progress
Changed in linux (Ubuntu Focal):
status: Triaged → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status: In Progress → Confirmed
status: Confirmed → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.4.0-90.101 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/4.15.0-162.170 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Revision history for this message
Kelsey Skunberg (kelsey-skunberg) wrote :

Hi Nicolas or Samuel, may you please verify the Bionic kernel in -proposed resolves this bug? You can find more instructions in comment #4. Thank you!

Revision history for this message
Samuel Gauthier (sgauthier) wrote :

Hi Kelsey, sorry, I missed the notification, I'll take care of it right away.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Changed in linux (Ubuntu):
assignee: nobody → Luke Nowakowski-Krijger (lukenow)
assignee: Luke Nowakowski-Krijger (lukenow) → nobody
Revision history for this message
Kelsey Skunberg (kelsey-skunberg) wrote :

Thank you, Samuel! :)

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (18.4 KiB)

This bug was fixed in the package linux - 4.15.0-162.170

---------------
linux (4.15.0-162.170) bionic; urgency=medium

  * bionic/linux: 4.15.0-162.170 -proposed tracker (LP: #1947293)

  * Add final-checks to check certificates (LP: #1947174)
    - [Packaging] Add system trusted and revocation keys final check

  * CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

  * CVE-2021-28950
    - fuse: fix live lock in fuse_iget()

  * CVE-2020-36322
    - fuse: fix bad inode

  * Bionic update: upstream stable patchset 2021-10-13 (LP: #1947011)
    - rcu: Fix missed wakeup of exp_wq waiters
    - apparmor: remove duplicate macro list_entry_is_head()
    - crypto: talitos - fix max key size for sha384 and sha512
    - sctp: validate chunk size in __rcv_asconf_lookup
    - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
    - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
    - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    - 9p/trans_virtio: Remove sysfs file on probe failure
    - prctl: allow to setup brk for et_dyn executables
    - profiling: fix shift-out-of-bounds bugs
    - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was
      registered
    - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
    - parisc: Move pci_dev_is_behind_card_dino to where it is used
    - dmaengine: ioat: depends on !UML
    - dmaengine: xilinx_dma: Set DMA mask for coherent APIs
    - ceph: lockdep annotations for try_nonblocking_invalidate
    - nilfs2: fix memory leak in nilfs_sysfs_create_device_group
    - nilfs2: fix NULL pointer in nilfs_##name##_attr_release
    - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
    - pwm: rockchip: Don't modify HW state in .remove() callback
    - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
    - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
    - nilfs2: use refcount_dec_and_lock() to fix potential UAF
    - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()

  * Invalid backport to v4.15: missing pgtable_l5_enabled (LP: #1946464)
    - SAUCE: Revert "x86/mm: Don't free P4D table when it is folded at runtime"

  * CVE-2021-38199
    - NFSv4: Initialise connection to the server in nfs4_alloc_client()

  * CVE-2019-19449
    - f2fs: fix wrong total_sections check and fsmeta check
    - f2fs: fix to do sanity check on segment/section count

  * vrf: fix refcnt leak with vxlan slaves (LP: #1945180)
    - ipv4: Fix device used for dst_alloc with local routes

  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
    - [Packaging] Add fips-checks as part of finalchecks

  * CVE-2021-3759
    - memcg: enable accounting of ipc resources

  * Bionic update: upstream stable patchset 2021-09-27 (LP: #1945224)
...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (32.6 KiB)

This bug was fixed in the package linux - 5.4.0-90.101

---------------
linux (5.4.0-90.101) focal; urgency=medium

  * focal/linux: 5.4.0-90.101 -proposed tracker (LP: #1947260)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.10.18)

  * Add final-checks to check certificates (LP: #1947174)
    - [Packaging] Add system trusted and revocation keys final check

  * No sound on Lenovo laptop models Legion 15IMHG05, Yoga 7 14ITL5, and 13s
    Gen2 (LP: #1939052)
    - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
      15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops.
    - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s
      Gen2

  * CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

  * Focal update: v5.4.148 upstream stable release (LP: #1946802)
    - rtc: tps65910: Correct driver module alias
    - btrfs: wake up async_delalloc_pages waiters after submit
    - btrfs: reset replace target device to allocation state on close
    - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
    - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
    - PCI/MSI: Skip masking MSI-X on Xen PV
    - powerpc/perf/hv-gpci: Fix counter value parsing
    - xen: fix setting of max_pfn in shared_info
    - include/linux/list.h: add a macro to test if entry is pointing to the head
    - 9p/xen: Fix end of loop tests for list_for_each_entry
    - tools/thermal/tmon: Add cross compiling support
    - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
    - pinctrl: ingenic: Fix incorrect pull up/down info
    - soc: qcom: aoss: Fix the out of bound usage of cooling_devs
    - soc: aspeed: lpc-ctrl: Fix boundary check for mmap
    - soc: aspeed: p2a-ctrl: Fix boundary check for mmap
    - arm64: head: avoid over-mapping in map_memory
    - crypto: public_key: fix overflow during implicit conversion
    - block: bfq: fix bfq_set_next_ioprio_data()
    - power: supply: max17042: handle fails of reading status register
    - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
    - VMCI: fix NULL pointer dereference when unmapping queue pair
    - media: uvc: don't do DMA on stack
    - media: rc-loopback: return number of emitters rather than error
    - Revert "dmaengine: imx-sdma: refine to load context only once"
    - dmaengine: imx-sdma: remove duplicated sdma_load_context
    - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    - ARM: 9105/1: atags_to_fdt: don't warn about stack size
    - PCI/portdrv: Enable Bandwidth Notification only if port supports it
    - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
    - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
    - PCI: xilinx-nwl: Enable the clock through CCF
    - PCI: aardvark: Fix checking for PIO status
    - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
    - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    - HID...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers